U.S. patent application number 10/145965 was filed with the patent office on 2003-03-20 for graphical user interface for performing administration on web components of web sites in a portal framework.
Invention is credited to Anuff, Ed, Chaudhary, Siddharth Rishi Raj, Guyot, Noah, Harbaugh, Edith, MacLeod, Dave, Moses, Dean, Petersen, John, Phillips, Amy, Vonderweid, Ethan.
Application Number | 20030056026 10/145965 |
Document ID | / |
Family ID | 23255008 |
Filed Date | 2003-03-20 |
United States Patent
Application |
20030056026 |
Kind Code |
A1 |
Anuff, Ed ; et al. |
March 20, 2003 |
Graphical user interface for performing administration on web
components of web sites in a portal framework
Abstract
Graphical user interfaces are provided for administrators to
perform administration type operations. Sets of users granted
administrative privileges may further grant and delegate
administrative privileges to other sets of users to perform
administration type operations on site objects over which they have
administrative privileges. The types of graphical user interfaces
includes server consoles and site consoles. Server consoles enable
the performance of administration on all objects within the
framework. Site consoles enable the performance of administration
within a respective site.
Inventors: |
Anuff, Ed; (San Francisco,
CA) ; Harbaugh, Edith; (Oakland, CA) ;
Vonderweid, Ethan; (San Francisco, CA) ; Petersen,
John; (San Francisco, CA) ; Phillips, Amy;
(Oakland, CA) ; Guyot, Noah; (San Francisco,
CA) ; Moses, Dean; (San Francisco, CA) ;
MacLeod, Dave; (Oakland, CA) ; Chaudhary, Siddharth
Rishi Raj; (San Francisco, CA) |
Correspondence
Address: |
SWIDLER BERLIN SHEREFF FRIEDMAN, LLP
3000 K STREET, NW
BOX IP
WASHINGTON
DC
20007
US
|
Family ID: |
23255008 |
Appl. No.: |
10/145965 |
Filed: |
May 16, 2002 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
60322462 |
Sep 17, 2001 |
|
|
|
Current U.S.
Class: |
719/316 ;
719/320 |
Current CPC
Class: |
G06F 40/143 20200101;
H04L 41/22 20130101; G06F 16/972 20190101; G06F 16/9535 20190101;
H04L 67/1097 20130101; H04L 9/40 20220501; H04L 67/567 20220501;
G06Q 10/10 20130101; H04L 63/105 20130101; H04L 41/28 20130101;
H04L 69/329 20130101; H04L 67/59 20220501; H04L 67/306 20130101;
H04L 67/10 20130101; H04L 67/1095 20130101; G06F 16/958
20190101 |
Class at
Publication: |
709/316 ;
709/320 |
International
Class: |
G06F 009/46 |
Claims
We claim:
1. A portal management framework for performing administration on a
portal server framework on a computer network, comprising: a first
console class configured to instantiate a first console object
operable to: perform a first administration operation to
instantiate a set of site objects; and perform a second
administration operation to instantiate a first set of permission
objects, each permission object in the first set of permission
objects defining a first set of users having access to, and first
set of administrative privileges associated with, a site object in
the set of site objects; whereby, upon installation on the computer
network, the class is executable by a processor on the network.
2. The framework according to claim 1, wherein access to the first
console object is in accordance with a second set of administrative
privileges granted to a second set of users defined by a first
console permission object.
3. The framework according to claim 1, wherein the first console
object is operable to perform a third administration operation to
map each site object in the set of site objects to at least one of:
a domain name server (DNS) and a uniform resource locator
(URL).
4. The framework according to claim 1, wherein the first console
object is operable to perform a third administration operation on
each object in a collection of objects available to the set of site
objects.
5. The framework according to claim 1, wherein the first set of
administrative privileges includes permission to instantiate a
second set of permission objects.
6. The framework according to claim 5, wherein each permission
object in the second set of permission objects defines a second set
of users having access to, and a second set of administrative
privileges associated with, a site object in the set of site
objects.
7. The Framework according to claim 6, wherein the second set of
administrative privileges includes performing a third
administration operation to instantiate a child-site object to the
site object in the set of site objects.
8. The Framework according to claim 7, further comprising a second
console class configured to instantiate a second console object
operable to perform the third administration operation.
9. The Framework according to claim 8, wherein the second set of
administrative privileges includes accessing the second console
object.
10. The Framework according to claim 6, wherein the second set of
administrative privileges includes performing a third
administration operation to instantiate a third permission object
defining a third set of users having access to, and third set of
administrative privileges associated with, a site object in the set
of site objects.
11. The Framework according to claim 10, further comprising a
second console class configured to instantiate a second console
object operable to perform the third administration operation.
12. The Framework according to claim 11, wherein the second set of
administrative privileges includes accessing the second console
object.
13. A method of performing administration on a portal server
framework on a computer network, comprising: providing a first
console class configured to instantiate a first console object
operable to: perform a first administration operation to
instantiate a set of site objects; and perform a second
administration operation to instantiate a first set of permission
objects, each permission object in the first set of permission
objects defining a first set of users having access to, and first
set of administrative privileges associated with, a site object in
the set of site objects; whereby, upon installation on the computer
network, the class is executable by a processor on the network.
14. The method according to claim 13, wherein access to the first
console object is in accordance with a second set of administrative
privileges granted to a second set of users defined by a first
console permission object.
15. The method according to claim 13, wherein the first console
object is operable to perform a third administration operation to
map each site object in the set of site objects to at least one of:
a domain name server (DNS) and a uniform resource locator
(URL).
16. The method according to claim 13, wherein the first console
object is operable to perform a third administration operation on
each object in a collection of objects available to the set of site
objects.
17. The method according to claim 13, wherein the first set of
administrative privileges includes permission to instantiate a
second set of permission objects.
18. The method according to claim 17, wherein each permission
object in the second set of permission objects defines a second set
of users having access to, and a second set of administrative
privileges associated with, a site object in the set of site
objects.
19. The method according to claim 18, wherein the second set of
administrative privileges includes performing a third
administration operation to instantiate a child-site object to the
site object in the set of site objects.
20. The method according to claim 19, further comprising providing
a second console class configured to instantiate a second console
object operable to perform the third administration operation.
21. The method according to claim 20, wherein the second set of
administrative privileges includes accessing the second console
object.
22. The method according to claim 18, wherein the second set of
administrative privileges includes performing a third
administration operation to instantiate a third permission object
defining a third set of users having access to, and third set of
administrative privileges associated with, a site object in the set
of site objects.
23. The method according to claim 22, further comprising providing
a second console class configured to instantiate a second console
object operable to perform the third administration operation.
24. The method according to claim 23, wherein the second set of
administrative privileges includes accessing the second console
object.
25. A computer program product for performing administration on a
portal server framework on a computer network, comprising: a
computer readable medium; and computer program instructions,
recorded on the computer readable medium, executable by a
processor, for performing the steps of: providing a first console
class configured to instantiate a first console object operable to:
perform a first administration operation to instantiate a set of
site objects; and perform a second administration operation to
instantiate a first set of permission objects, each permission
object in the first set of permission objects defining a first set
of users having access to, and first set of administrative
privileges associated with, a site object in the set of site
objects; whereby, upon installation on the computer network, the
class is executable by a processor on the network.
26. The method according to claim 25, wherein access to the first
console object is in accordance with a second set of administrative
privileges granted to a second set of users defined by a first
console permission object.
27. The computer program product according to claim 25, wherein the
first console object is operable to perform a third administration
operation to map each site object in the set of site objects to at
least one of: a domain name server (DNS) and a uniform resource
locator (URL).
28. The computer program product according to claim 25, wherein the
first console object is operable to perform a third administration
operation on each object in a collection of objects available to
the set of site objects.
29. The computer program product according to claim 25, wherein the
first set of administrative privileges includes permission to
instantiate a second set of permission objects.
30. The computer program product according to claim 29, wherein
each permission object in the second set of permission objects
defines a second set of users having access to, and a second set of
administrative privileges associated with, a site object in the set
of site objects.
31. The computer program product according to claim 30, wherein the
second set of administrative privileges includes performing a third
administration operation to instantiate a child-site object to the
site object in the set of site objects.
32. The computer program product according to claim 31, further
comprising computer program instructions for performing the steps
of providing a second console class configured to instantiate a
second console object operable to perform the third administration
operation.
33. The computer program product according to claim 32, wherein the
second set of administrative privileges includes accessing the
second console object.
34. The computer program product according to claim 30, wherein the
second set of administrative privileges includes performing a third
administration operation to instantiate a third permission object
defining a third set of users having access to, and third set of
administrative privileges associated with, a site object in the set
of site objects.
35. The computer program product according to claim 34, further
comprising computer program instructions for performing the step of
providing a second console class configured to instantiate a second
console object operable to perform the third administration
operation.
36. The computer program product according to claim 35, wherein the
second set of administrative privileges includes accessing the
second console object.
Description
CROSS REFERENCE TO RELATED PATENT APPLICATIONS
[0001] This application is based on, and claims the benefit of,
provisional application 60/322,462 filed Sep. 17, 2001.
BACKGROUND OF THE INVENTION
[0002] 1. Field of the Invention
[0003] The present invention relates to a method, a system and a
computer program product for providing a site as a collection of
software web objects. More particularly, the present invention
relates to a method, a system and a computer program product for
providing a site as a collection of web objects that can be
manipulated by a set of users having assigned privileges defined by
permissions associated with each software web object in the
collection of objects.
[0004] 2. Description of the Prior Art
[0005] Traditionally, web sites have been considered to be all
resource files organized and accessible from a given domain name
associated with a system, such as a server. Typically, a web sites
has a common look, feel and navigational structure through the web
site. Computer program code is implemented to provide the common
look, feel and navigational structure of a web site. Portals have
been implemented to provide a gate to access a plurality of web
objects of a web site for simultaneous viewing on a display. Most
companies and organizations provide different types of portals for
a variety of purposes including portals for the general public,
intranet portals for their employees, and extranet portals for
their customers, vendors, supplies and other parties with whom they
transact business.
[0006] The complexity and cost of developing, deploying,
administering and continually enhancing portals is tremendous. In
developing, deploying and maintaining portals it is often necessary
to implement objects of a web site. Typically, developing,
deploying, administering and continually enhancing portals, such as
implementing web objects of a web site provided by a portal,
requires the physical selection and transfer of files to systems
desired to implement web objects of a web site in a portal.
Alternatively, the entire web site must be archived in a file and
transferred to a system in order to implement the web site. This
type of development, deployment, administration and continuous
enhancement of portals is complex, costly and prone to error.
Additionally, the process requires the manual transfer of code and
libraries to a system. Lastly, aspects of a web site cannot be made
available to an intended group of users for commercial use.
Companies and organizations are forced to maintain staffs of highly
skilled engineers and content developers, or to outsource these
tasks. Meanwhile, Internet-related technologies are proliferating
and maturing, and Internet users' expectations continue to
increase. Maintaining an effective portal often competes with and
detracts from the resources available for an organization's primary
goals.
[0007] There is a need for a new method of administrating web
objects on a portal framework as a collection of software objects.
There is a need for a method of managing the software object
employing a set of users granted privileges associated with
respective objects in the collection of software objects. There is
a need for a new method of sharing objects of web sites in a
between web site. There is a need for a new method of distributing
components to all systems on a portal systems framework. There is a
need for a new method of allowing the packaging and commercial sale
of components to portals.
SUMMARY OF THE INVENTION
[0008] According to embodiments of the present invention, a method,
a system and a computer program product for performing
administration on a portal server framework on a computer network.
Graphical user interfaces are provided for administrators to
perform administration type operations. Sets of users granted
administrative privileges may further grant and delegate
administrative privileges to other sets of users to perform
administration type operations on site objects over which they have
administrative privileges. The types of graphical user interfaces
includes server consoles and site consoles. Server consoles enable
the performance of administration on all objects within the
framework. Site consoles enable the performance of administration
within a respective site.
[0009] A portal management framework for performing administration
on a portal server framework on a computer network includes a first
console class configured to instantiate a first console object. The
first console object is operable to perform a first administration
operation to instantiate a set of site objects, and perform a
second administration operation to instantiate a first set of
permission objects. Each permission object in the first set of
permission objects defines a first set of users having access to,
and first set of administrative privileges associated with, a site
object in the set of site objects. Upon installation on the
computer network, the class is executable by a processor on the
network.
[0010] In an embodiment of the present invention, the portal
management framework includes a second console class configured to
instantiate a second console object operable to perform the third
administration operation.
[0011] A method of performing administration on a portal server
framework on a computer network includes providing a first console
class configured to instantiate a first console object. The firs
console object is operable to perform a first administration
operation to instantiate a set of site objects and perform a second
administration operation to instantiate a first set of permission
objects. Each permission object in the first set of permission
objects defines a first set of users having access to, and first
set of administrative privileges associated with, a site object in
the set of site objects. Upon installation on the computer network,
the class is executable by a processor on the network.
[0012] In an embodiment of the present invention, the method
includes providing a second console class configured to instantiate
a second console object operable to perform the third
administration operation.
[0013] A computer program product for performing administration on
a portal server framework on a computer network includes a computer
readable medium; and computer program instructions, recorded on the
computer readable medium. The computer program instructions are
executable by a processor for performing the steps of providing a
first console class configured to instantiate a first console
object. The first console object is operable to perform a first
administration operation to instantiate a set of site objects and
perform a second administration operation to instantiate a first
set of permission objects. Each permission object in the first set
of permission objects defining a first set of users having access
to, and first set of administrative privileges associated with, a
site object in the set of site objects. Upon installation on the
computer network, the class is executable by a processor on the
network.
[0014] In an embodiment of the present invention, the computer
program product includes computer program instructions executable
by a processor for performing the steps of providing a second
console class configured to instantiate a second console object
operable to perform the third administration operation.
BRIEF DESCRIPTION OF THE DRAWINGS
[0015] The above described features and advantages of the present
invention will be fully appreciated with reference to the detailed
description and appended figures in which:
[0016] FIG. 1 depicts a functional block diagram of an embodiment
of a framework in which the present invention can find
application;
[0017] FIG. 2 depicts a functional block diagram of a system
depicted in the framework of FIG. 1;
[0018] FIG. 3a depicts a functional block diagram of a system
depicted in the framework of FIG. 1;
[0019] FIG. 3b depicts a functional block diagram of a system
depicted in the framework of FIG. 1;
[0020] FIG. 4 depicts a functional block diagram of a system
depicted in the framework of FIG. 1;
[0021] FIG. 5a illustrates an exemplary repository framework for
storing a collection of references to a collection of objects of
sites in Framework 100 according to an embodiment of the present
invention;
[0022] FIG. 5b illustrates exemplary rules governing setting of
default values for permissions of objects in sites of framework in
FIG. 1;
[0023] FIG. 5c is an exemplary diagram explaining the application
of the non-site administration rule;
[0024] FIG. 6 illustrates an exemplary embodiment of a site
hierarchy implemented by the present invention;
[0025] FIG. 7 depicts an exemplary form for setting primary site
values according to an embodiment of the present invention;
[0026] FIG. 8 illustrates an exemplary embodiment of object reuse
between repositories in Framework 500, implemented by the present
invention;
[0027] FIG. 9 is an exemplary table illustrating objects and the
objects they may reference and use;
[0028] FIG. 10 is an exemplary embodiment of multi-level
navigational horizontal configuration;
[0029] FIG. 11 is an exemplary embodiment of multi-level
navigational horizontal and vertical configuration;
[0030] FIG. 12 is an exemplary diagram illustrating a deployment
management framework for importing and exporting components of a
site for between portals employed by Framework 100;
[0031] FIG. 13 depicts an exemplary collection of extensible markup
language and the file assets stored as individual export files;
[0032] FIG. 14 illustrates menu items of menus with link titles for
menu items definitions;
[0033] FIG. 15 illustrates a segment of a site navigation captured
as a menu object;
[0034] FIG. 16a illustrates a table for implementing the combined
algorithm;
[0035] FIG. 16b illustrates a table for implementing the exclusive
algorithm;
[0036] FIG. 17 depicts an exemplary embodiment of a top level
locking interface;
[0037] FIG. 18 depicts an exemplary embodiment of a front door page
of an end user site employing menuing structures according to the
present invention;
[0038] FIG. 19 depicts the rules determining the operation of the
control menu system and a site navigation system according to an
embodiment of the present invention; and
[0039] FIGS. 20a-20b are exemplary illustrations of consoles
according to an embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
[0040] The present invention is now described fully hereinafter
with reference to the accompanying drawings showing embodiments of
the present invention. The present invention, however, may be
embodied in many different forms and should not be construed as
limited to embodiments set forth herein. Appropriately, these
embodiments are provided so that this disclosure will be thorough
and complete, and will fully convey the scope of the present
invention.
[0041] Overall Framework
[0042] FIG. 1 depicts a functional block diagram of a framework in
which the present invention can find application. In the embodiment
of FIG. 1, Framework 100 may be implemented to provide for the
administration of sites on Framework 100 as a collection of
software objects that may be managed by a set of users granted
privileges associated with respective objects in the collection of
software objects. Framework 100 may employ and maintain portals to
provide gateways for access to objects of a site. Framework 100 may
be implemented to perform administration such as importing and
exporting components of a site between portals on Framework 100,
sharing objects between sites on Framework 100 and granting
privileges associated with objects to users of Framework 100.
[0043] A console may be employed to perform administration on a
site of Framework 100. A console may be a graphical user interface
of an administration site provided to an administrator to perform
administration on objects in Framework 100. For example, a server
console is a graphical user interface of a server administration
site operable to perform administration on all objects in Framework
100. Alternatively, a site console is a graphical user interface of
an administration site provided to an administrator to perform
administration on objects of one or more sites. Access to a given
site console of an administration site may be governed by
privileges defined by permissions, such as "can access site
administrator context" permission for the site. Likewise, access to
a given server console for an administration site be governed by
privileges defined by permissions, such as "can access system
administrator context" permission for the administration site.
Access to an administration site may be provided by employing a
link that appears to a user upon authentication of the user. A user
with privileges to both a site console and server console may
switch between consoles.
[0044] A site is considered, for the purposes of the present
invention, to be a collection of software objects given a single
identity. The single identity may be characterized by a shared
look-and-feel, a shared set of navigation links, and members of a
group who are automatically granted privileges to perform
administration on at least some of the software objects in the
collection as well as elements of the site. The collection of
software objects in a site includes non-file assets such as users,
groups, modules, module types, pages, menus, themes, structures,
styles and templates. Detailed descriptions of each software object
in the collection are provided in U.S. Pat. No. 6,327,628 herein
incorporated by reference.
[0045] Elements of a site include, but are not limited to, logon
permissions, administrative permissions, site branding, site
content and site navigation. Components of a site include file
assets and non-file assets. File assets include resources such as
code including JSP pages, ASP pages, Java classes and or object
oriented programming language classes, and images including GIF
files, etc. stored as a file on a file system and implemented to
provide a site. Non-file assets include, but are not limited to,
instantiated programming language objects stored in a database,
such as described above (as opposed to static class files), and in
addition to permissions, user preferences and settings.
[0046] A software object may represent an actor within an overall
system design. Such actors may correspond to real-world concepts,
or may exist purely to support the overall design. Software objects
encapsulate the data and logical processes of the actor. This
encapsulation makes software objects easy to use, because the user
of a software object need not know how the software object performs
its processes. Software objects are also extensible, where other
software objects can be built on top of existing software objects,
allowing the new software object to expand the concept of the old
software object without having to rewrite the functionality of the
old software object. These properties of software objects make
object-oriented systems flexible and extensible.
[0047] An object model, such as an XML object model representation
of web sites, includes a collection of software objects that work
together in documented relationships. Framework 100 employs an
object-oriented system built on such an object model. Each software
object in Framework 100 is implemented employing a set of classes
that define the behavior and characteristics of the software object
when instantiated.
[0048] In an embodiment of the present invention, logon permissions
define the ability of a user to access a respective site.
Administrative permissions define the ability of a user to perform
administration on a respective site. Site branding defines the
look-and-feel of a respective site. Site content includes objects
in a collection of software objects available within a respective
site. Site navigation defines the mechanism for moving between
different areas of a site. Users may have privileges with respect
to objects and elements in order to perform administration on the
objects and elements of a site on framework 100.
[0049] In the FIG. 1 embodiment of the present invention, framework
100 includes systems 102, systems 106, systems 108 and network 104.
Framework 100 may transmit using network 104, any combination of
voice, video and/or data between devices. One having ordinary skill
in the art would recognize that Framework 100 is highly scaleable
where any number of systems 102, systems 106 and systems 108 may be
implemented to perform the functions of the present invention.
[0050] Each system 102 couples to systems 110 employing network
104. Systems 102 may be any apparatus from which, and to which, any
combination of voice video and/or data may be transmitted over a
network 104, such as the Internet, Intranet or an extranet. Systems
102 may be used to provide for the administration of sites on
framework 100 as a collection of software objects that can be
manipulated by a set of users having assigned privileges defined by
permissions associated with each software object in the collection
of software objects, share objects between sites and automatically
grant privileges associated with objects to users.
[0051] Each system 110 couples to a system 106 employing suitable
communication means. Each system 110 may be any apparatus from
which, and to which, any combination of voice video and/or data may
be transmitted over a network 104, such as the Internet or an
extranet. In a preferred embodiment of the present invention, the
system 110 is a web server. System 110 manages web page requests
from system 102 and delivers HTML documents (Web pages) in response
to the requests from system 106.
[0052] Each system 110 couples to a system 106 employing suitable
communication means. Each system 106 may be any apparatus from
which, and to which, any combination of voice video and/or data may
be transmitted over a network 104, such as the Internet or an
extranet. In a preferred embodiment of the present invention, the
system 106 is an application server. A set of systems 106 may be
operable to implement the functions of the present invention. The
presentation of web site and administration of sites objects are
implemented by system 106 employing software services that are
provided by software and suitable class libraries that connect to
other systems as needed. System 106 may provide processing between
system 102 and system 108, such as delivery of information as well
as processing information for users of system 102. Processing by
system 106 may be performed by Java servlets, JavaServer Pages
(JSPs), Enterprise JavaBeans (EJBs), Active Server Pages (ASPs) and
ActiveX controls. The system 110 and system 106 can be one in the
same computer system or separate computer system.
[0053] Each system 108 couples to a system 106 employing suitable
communication means. Each system 108 may be any apparatus that
executes program instruction in accordance with the present
invention to store data and provide software object persistence via
a suitable database interface. In addition, system 108 may directly
transfer information to system 110 or through system 106 in
response to a request for information as well as transfer
information to user system 102 in response to a request made to
system 110 by user system 102 over network 104.
[0054] Network 104 may be a local area network, a wide area
network, the Internet, an extranet, a wireless network, or the
like. The network 104 may transfer information between system 102
and system 106, system 108 and system 110. The information
transferred may include any combination of voice, video and/or
data. Network 104 can be implemented as a wireless network or a
wired network.
[0055] User groups of Framework 100 include, but are not limited
to, an everyone group, user group, new user group, site
administration group, shared group, Normal Groups, Guest Group,
Registered Users Group, and Self Registered Users Groups. Groups
define the characteristics of user members based on privileges
granted to the groups to perform administration. The privileges
granted to users and groups are defined by values assigned to
permissions settings based on, in part, an occurrence of a type of
administration in Framework 100. The values assigned to permissions
may be set automatically as the result of a type of administration
or operation by a type of administration operation.
[0056] An everyone group may be a virtual system group. It may
contain every user in Framework 100, including guests. The everyone
group is a special conceptual group which allows batch permissions
to be set for all groups implemented as a flag that lives on every
permission which short-circuits the group-based permissions lookup.
The Site Administration group may be automatically created for a
site whenever a user creates the site. A site administration group
may contain users granted privileges to perform administration on
the site. Site administration groups may be stored in a special
table in a system, such as system 108.
[0057] A User group may include users granted privileges to perform
administration on an object of a site. A shared group may include
members of a group available for sharing by a site. Members of the
share group may access a site when granted privileges to access the
site. A guest group may be a virtual group of users who are not
registered with a site in a site context, or with any site in a
system context. The members of the guest group may be granted
privileges with respects to a site. Access to a site by members of
the guest group may require the site to allow access by guest
users. A new user group may be a new user assigned to a newly
created site.
[0058] Registered users group may be a virtual group of users who
are accessing a site in a site context, or a site in a system
context, in accordance with privileges granted to access the site.
The members of the registered user group may be granted privileges
with respect to a site. Access to the site by members of a
registered user group may require the site to allow access by guest
users. A self registered users group may be a virtual group of
users who are accessing a site in a site context, or a site in a
system context, in accordance with privileges granted by the site.
The members of the registered user group may be granted privileges
with respects to a site. Access to the site by members of a
registered user group may require the site to allow
self-registration by users. Normal group may be a group created by
an administrator and given privileges as defined by the
administrator for that group.
[0059] Framework 100 users include administrators, delegated
administrators and end-users. Administrators include server
administrators and site administrators. Server administrators are
installation-level users who may have privileges over all aspects
of an installation. Server administrator may have privileges over
all objects in Framework 100 in accordance with permission
settings. Server administrators may have privileges over objects of
a site in accordance with privileges granted to the server
administrator by membership within groups on Framework 100.
Privileges granted server administrators may include administration
of objects on a system and objects on sites. Administration may
include, but is not limited to, deploying a site, locking down
elements, creating sites anywhere in Framework 100, granting and
revoking privileges to users for performing administration,
configuring privileges for sites, logging on to end-user sites,
mapping created sites to URL, modifying systems properties, site
branding and sharing objects between sites. Administration by a
server administrator may be performed in a system context from a
server console accessible in accordance with privileges granted the
server administrator and in a site context from a site console
accessible in accordance with privileges granted the server
administrator.
[0060] Site administrators may have privileges over at least some
objects in Framework 100 in accordance with permission settings.
Site administrators may have privileges over objects in a site in
accordance with privileges granted the site administrators by
membership in a site administration group. Privileges granted to
site administrators may include administration of objects on a
site. Privileges may be granted by configuring the permissions of a
child site by a site administrator of a parent site to the child
site, or directly by a server administrator employing a server
console. Alternatively, site administrators may be granted
privileges by configuring permissions for a site by a server
administrator employing a server console. Privileges granted to a
site administrator may include, but is not limited to, deploying
sites, creating sub-sites of a site, accessing objects on Framework
100 for sites and sub-sites, managing the look, feel, membership
and navigational structure of sites and sub-sites, modifying
branding of sites and sub-sites, sharing objects with sites,
overriding default site settings, previewing sites and performing
user searches. A site administrator exists as long as the
respective site there is a site administrator for exists.
[0061] Delegated administrators include delegated server
administrators and delegated site administrators. Delegated Server
Administrators may be granted privileges over at least some of the
object in framework 100 in accordance with permission settings.
Delegated Server administrators may be granted at least some of the
privileges of a server administrator over objects by a server
administrator. Administration by a delegated server administrator
may be performed in a system context from a server console
accessible in accordance with privileges granted the server
administrator and in a site context from a site console accessible
in accordance with privileges granted by the server
administrator.
[0062] Delegated site administrators may be granted at least some
of the privileges over at least some of the objects in Framework
100 in accordance with permission settings. Delegated site
administrators may be granted at least some of the privileges of a
site administrator over objects by the site administrator.
Administration by a delegated site administrator may be performed
in a site context from a site console accessible in accordance with
privileges granted by the site administrator.
[0063] End-users include guest users and registered users. Guest
users may be users not registered with a site, such as users
without a password or login Id. A guest user may access sites
allowing access by guest users. Registered users include users who
have performed registration in order to receive a login Id and
password for a site allowing self-registration by users. Registered
user may access sites they are registered with as well as other
sites allowing self-registration by users.
[0064] Permissions that may be configured by setting permission
values to grant privileges include system permissions, site
permissions, end-user permissions and object permissions.
Permissions values may be set automatically, in response to the
occurrence of a type of administration, and explicitly, by a type
of administration. Systems permissions are granted in a system
context. Systems permissions values may be set for a system to
grant at least some privileges of a server administrator over the
system to delegated server administrator. Privileges granted to
delegated server administrators by setting systems permissions
values may be performed by the delegated server administrator from
a server console. System permissions includes can create ungrouped
users permissions and can edit/delete ungrouped users
permissions.
[0065] Site permissions are granted to site administrator in a site
context. Site permissions may be set for a site to grant privileges
to site administrators over the site. The site administrator may
then delegate their privileges to groups within a respective site
associated with the site administrator from the site console for
the site. Privileges granted to a site administrator, by setting
site permissions for a site, may be performed by the site
administrator from the site console for the site. Site permissions
include can add to site and can share to site.
[0066] Component (object) administration permissions are granted to
administrators in a system context. In an embodiment of the present
invention, object administrative permissions may be set for an
object to grant privileges to a delegated administrator, such as a
delegated site administrator, over the object from a server console
and a site console. Privileges granted to delegated administrators
by setting objects administrative permissions from the server
console may be performed from a server console and any site console
by the delegated administrators. Privileges granted to delegated
administrators by setting objects administrative permissions from
the site console may be performed from a server console and a site
console of a site by the delegated administrator.
[0067] End User Permissions may define tasks performable by
end-users. End user permissions values may be configured by
administrators, such as server and site. End User permissions
values configured in the site context apply to a site. End User
permissions values set in the system context for objects apply to
all sites that employ the object. End user permissions include
module enabled, module editable, module minimizable and menu
enabled. End user permission may define tasks performable by
groups. An end user permission for a group set from the system
context applies to the group in all sites in the system. For
example, a site will have no control over user access to a module
with module enabled permission for the everyone group set.
[0068] FIG. 2 is a block diagram illustration of end user systems
102. The end user systems 102 may include CPU 202, connected by a
bus or other suitable interface means to system memory 208. The
user system 102 can also include input/output device interface, and
display interface 204. Input/output device interface 204 enables
interaction with and execution of instruction by user system 102 as
directed by a user. Display interface can display information
generated for output by user system 102 as provided by system 106.
As shown, the various components of the user system 102 communicate
through bus 218 or similar architecture. Accordingly, systems
memory 208 is disposed in communication with CPU 202 through bus
218. Systems memory 208 includes Browser Program 212, operating
system 214 and data 216.
[0069] Operating system 214 provides overall system functionality.
Browser program 212 implements computer program instructions
executed by CPU 202. The browser program 212 enables the
information transmitted from system 106 to be conveyed to a user in
a manner that can be understood by a user of user system 102. The
browser program 212 serves as a front end to the World Wide Web on
the Internet. The browser program 212 may be used to display
interfaces, such as consoles to perform administration on sites of
framework 100 over network 104.
[0070] FIG. 3a is an exemplary block diagram of system 110
illustrated in FIG. 1, in which the present invention may be
implemented. System 110 manages web page requests from system 102
and delivers HTML documents (Web pages) in response to the requests
from system 106. System 110 includes a processor (CPU) 326
connected by a bus 340 to memory 332, network interface 320 and I/O
circuitry 324.
[0071] In the FIG. 3a embodiment, CPU 326 is a microprocessor, such
as an INTEL PENTIUM.RTM. or AMD.RTM. processor, but may be any
processor that executes program instructions in order to carry out
the functions of the present invention. As shown, CPU 326 and the
various other components of the system 110 communicate through a
system bus 340 or similar architecture. Network interface 320
provides an interface between system 110 and a network 104, such as
the Internet. The network 104 may be a local area network (LAN), a
wide area network (WAN), or combinations thereof. I/O circuitry 304
provides an interface for the input of structured information to
and output of structured information from system 110. I/O circuitry
304 includes input devices, such as trackball, mice, touchpads and
keyboards, and output devices, such as printers and monitors.
[0072] In the FIG. 3a embodiment, memory 332 stores operating
system 338, web server software 336 and data 334. Operating system
338 provides overall system functionality. Data 334 may be any
structured data required by system 110. Web server software 336
performs the functions for managing the delivery of web pages.
[0073] FIG. 3b is an exemplary block diagram of system 106
illustrated in FIG. 1, in which the present invention may be
implemented. System 106 performs the functions for administration
of sites on framework 100 as a collection of software objects that
can be manipulated by a set of users having assigned privileges.
System 106 includes a processor (CPU) 302 connected by a bus 318 to
memory 308, network interface 310 and I/O circuitry 304.
[0074] In the FIG. 3b embodiment, CPU 302 is a microprocessor, such
as an INTEL PENTIUM.RTM. or AMD.RTM. processor, but may be any
processor that executes program instructions in order to carry out
the functions of the present invention. As shown, CPU 302 and the
various other components of the system 106 communicate through a
system bus 318 or similar architecture. Network interface 310
provides an interface between system 106 and a network 104, such as
the Internet. The network 104 may be a local area network (LAN), a
wide area network (WAN), or combinations thereof. I/O circuitry 304
provides an interface for the input of structured information to
and output of structured information from system 106. I/O circuitry
304 includes input devices, such as trackball, mice, touchpads and
keyboards, and output devices, such as printers and monitors.
[0075] In the FIG. 3b embodiment, memory 308 stores site
administration software 314, operating system 316, data 312,
application server software 320 and java virtual machine 322.
Operating system 316 provides overall system functionality. Data
312 may be any structured data required by system 106, such as
asset files and non-asset files. Site administration software 314
includes modular applications that run within sites. Administration
software 314 provides the functionality for providing and managing
of sites on framework 100 as a collection of web objects that can
be manipulated by a set of users having assigned privileges defined
by permissions associated with each object in the collection of
objects. The java virtual machine 322 converts the Java
intermediate language (bytecode) into machine language and executes
it. Application server software 322 performs the functions for
processing between system 102 and system 108
[0076] FIG. 4 is an exemplary block diagram of system 108
illustrated in FIG. 1, in which the present invention may be
implemented. System 108 may be a database management system that
includes data for retrieval by system 106 and employed by Framework
100 to perform the functions associated with the present invention.
In the FIG. 4 embodiment, system 108 is a general purpose computer,
such as a workstation, personal computer, server or the like, but
may be any apparatus that executes program instruction in
accordance with the present invention. System 108 includes a
processor (CPU) 402 connected by a bus 418 to memory 408, network
interface 410 and I/O circuitry 404.
[0077] In the FIG. 4 embodiment, CPU 402 is a microprocessor, such
as an INTEL PENTIUM.RTM. or AMD.RTM. processor, but may be any
processor that executes program instructions in order to carry out
the functions of the present invention. As shown, CPU 402 and the
various other components of the server 108 communicate through a
system bus 418 or similar architecture. Network interface 410
provides an interface between system 108 and a network 104, such as
the Internet. The network 104 may be a local area network (LAN), a
wide area network (WAN), or combinations thereof. I/O circuitry
provides an interface for the input of structured information to
and output of structured information from system 108. I/O circuitry
404 includes input devices, such as trackball, mice, touchpads and
keyboards, and output devices, such as printers and monitors.
[0078] In the FIG. 4 embodiment, memory 408 stores data 416, such a
file asset and non-file assets employed by Framework 100. Memory
408 includes routines, such as database management routines 412,
and operating system 414. Memory 408 includes memory devices, such
as read only memory (ROM), random access memory (RAM) hard disks,
CD-ROMs, floppy disks, optical storage devices, magnetic storage
devices, etc.
[0079] Repository Framework
[0080] FIG. 5a illustrates an exemplary repository framework for
storing a collection of references associated with a collection of
objects in Framework 100 for sites according to an embodiment of
the present invention. In the FIG. 5a embodiment of the present
invention, the repository framework 500 may be implement to perform
a sharing type of administration. A sharing type of administration
makes an object in Framework 100 available for reuse by a site,
directly or indirectly, by storing duplicates to a reference to the
object in one or more repository. In the FIG. 5 embodiment,
repository framework 500 includes site repositories 506, a system
repository 508 and a shared repository 510. A combination of at
least two repositories in framework 500 may be employed to perform
a sharing type of administration. A reference to an object in
Framework 100 may be stored in any number of repositories in
repository framework 500 or in no repositories at all.
[0081] In the FIG. 5a embodiment of the present invention, a site
repository 506 stores a collection of references to a collection of
objects for a site. The collection of objects may be stored in a
system, such as 108. Each site in Framework 100 has an associated
site repository. References to objects may be stored in a site
repository based on privileges granted with respect to the site
associated with the site repository. For example, a site desiring
to perform a share type administration must have privileges over
the site where a reference to an object is to be stored.
[0082] A site repository provides partitioning of referenced
objects in Framework 100 based on sites and constrains viewing of
referenced objects stored in a site repository to a set of users,
such as site administrators. This type partitioning provides a
security model that facilitates the creation of unique sites.
Storage of duplicate references to objects in a site repository 506
makes the object available for reuse by a site associated with the
site repository 506. For example, a site A will be able to use
objects in a repository for site A and a site B will be able to use
objects in a repository for site B. Each object available for reuse
in a site repository may be provided with permissions to define
privileges for the object.
[0083] A site administrator for a site may be automatically granted
privileges over objects referenced in a site repository for the
site. In the FIG. 5a embodiment of the present invention, the set
of privileges includes viewing and modifying the references to
objects in the site repository 500 for a site. Modification of
objects referenced in a site repository 500 for a site may include
adding and removing the references to objects in the collection of
software objects stored in the site repository.
[0084] In the FIG. 5a embodiment of the present invention, the
reference to objects stored in a site repository 506 may include
references to groups. Each reference to a group may allow for
access to individual users in the group. Each group may be granted
privileges to create, edit and delete ungrouped users. An Ungrouped
user is a user not yet assigned to group. The ungrouped user may or
may not have privileges associated with other groups. System
permissions, such as can create ungrouped users and can edit/delete
ungrouped users, define groups privileges to create, edit and
delete ungrouped users. The storage of references to groups in a
site repository makes the groups and the respective users in the
group available for functions done in the context of the site for
the site repository. In an embodiment of the present invention,
users may not be shared between site repositories.
[0085] In the FIG. 5a embodiment of the present invention, a system
repository 508 is a view of a collection references to objects on
Framework 100. The references to objects provided in a view of a
system repository 508 is based on privileges granted to a user to
access objects in Framework 100. The reference to objects provided
in the view may be further based on system repository privileges,
such as can see system repository privileges and can see system
administration context privileges, granted to the user with respect
to accessing the system repository. The values of permissions, such
as can see system repository and can see system administration
context, define the system repository privileges.
[0086] In the FIG. 5a embodiment of the present invention, a shared
repository 510 stores a collection of references to a collection of
objects on Framework 100 that are available for reuse by sites on
Framework 100. Each site in Framework 100 has a section in a shared
repository 510 as illustrated in FIG. 5b and discussed further
herein below. The storage of references to objects in a shared
repository may require designation of the section of the shared
repository for a site. The references to objects stored in a
section of shared repository for a site are the objects available
for reuse by the site. An object may be referenced in a share
repository a number of times, such as once in a section for each
site, on Framework 100 in the shared repository. For example,
module B is stored once in a site A section, a site B section, and
an All Sites section of a shared repository. In the FIG. 5a
embodiment of the present invention, references to objects will be
stored in a shared repository as read-only by default in both a
site context and system wide context. Site Administrators of a site
may be granted privileges to modify the read-only status of
references to objects in a section of a shared repository for the
site.
[0087] In an embodiment of the present invention, references to
objects may be stored in a section of a shared repository for a
particular site by users having visibility privileges for the site
and can share into shared repository privileges for the system.
These privileges may be granted by setting appropriate permissions
values for the user. In order to share objects to an All Sites
section of a shared repository can share to all sites privileges
may be required by users sharing the objects. All sites privileges
may be granted to users by setting all sites system permissions for
the users.
[0088] References to objects stored in a shared repository may be
viewed by a set of users. In an embodiment of the present
invention, references to objects stored in a shared repository may
be viewed by a set of users in a site context and a system context.
References to objects viewed from a site context and system context
may be references to objects in a section of a shared repository
for the site. A set of users having can see shared repository
privileges for a particular site may view the reference to objects
in the section of a shared repository for the site. The set of
users may be granted these privileges by setting can see shared
repository permissions for the set of users. In an embodiment of
the present invention, references to objects viewed from a system
context. References to objects viewed from a system context may be
references to objects in a shared repository. A set of users having
system wide can see shared repository privileges may view objects
in a section of a shared repository for the site. These privileges
may be granted to the set of users by setting system wide can see
shared repository permissions.
[0089] In an embodiment of the present invention, an unsharing type
of administration removes an object in Framework 100 from a site by
removing a reference to the object. An object may be removed from a
site by removing the reference to the object from a repository.
This type of unsharing applies to the site that the objects were
intended to be shared with by the user. For example, if an object
was shared to a site B by a site A and shared by site B to a site
C, unsharing by site A only affects site B and not site C. In order
for the object to be unshared to site C, site B will have to
unshare the object. Objects may be unshared with all sites by
deleting the objects from the Framework 100.
[0090] Automatic Permissioning Framework
[0091] Permissions to define privileges associated with objects may
be set with default values in Framework 100. Default values
automatically grant privileges with respects to objects. FIG. 5b
illustrates exemplary rules governing setting of default values for
permissions of objects. In an embodiment of the present invention,
the rules governing setting of default values for permissions of
objects apply all the time. They are not mutually exclusive. The
default values may be overridden after creation in a site context
or system context. Automatic permissions prevent objects from being
orphaned the moment they are created, provide creators of objects
access rights to the objects, allow a peer group of a set of users
to also have access rights over the object, allow a set of users to
perform administration on that object other than the creator and
reduces administration duties.
[0092] Privileges may be granted automatically to users and groups
in Framework 100 in order to perform various types of
administration. The automatic grant of privileges is governed by
rules implemented by Framework 100. In an embodiment of the present
invention, the rules implemented by Framework 100 define values
automatically assigned to permission values based on, in part, an
occurrence of a type of administration in Framework 100. The values
automatically assigned to permission can be overridden at the site
level provided a set of users have the privileges to modify the
system properties in a site context.
[0093] The rules governing the automatic privileges include object
type create, site transfer, site administration group, non-site
administration group and delegated administration. In the
embodiment of the present invention, the object type create rule
pertains to the creation of a new object on systems level and
applies to users having system level permission to create that
particular type of object. In an embodiment of the present
invention, the object type create rule pertains to the creation of
a new object on a site level and applies to users having permission
in a site to create that particular type of object.
[0094] The site transfer rule defines the transfer of objects to a
site repository. In an embodiment of the present invention, the
site transfer rule precludes the storing of references to objects
to a site repository by users without "can add to this site"
permission for a site associated with the site repository. In an
embodiment of the present invention, the site transfer rule
precludes sharing objects to a site repository by users without
"can share to site" permission for the site associated with the
site repository. Sharing objects may include performing a share
type administration to store a reference to an object in a
respective repository. In an embodiment of the present invention,
the site transfer rule precludes sharing objects to a system
repository by users without site-level "can share to server"
permission.
[0095] The site administration rule defines permission value
settings for object to specify the scope of administrative
privileges automatically provided to an administration group. In an
embodiment of the present invention, a site administrator group is
granted full administrative privileges over objects created for a
site. This rule enables a user assigned to the administration group
for a site to maintain strict control over the site as well as
prevents the creation of objects by users other than users assigned
to the administration group which may be then left the
responsibility of the users in the administration group.
[0096] The non-site administration rule defines the scope of
administration privileges provided to a group as a result of object
creation. A user may be included in a set of groups with can create
privileges. In an embodiment of the present invention, a non-site
administration group is granted full administrative privileges over
objects created by a user in the non-site administration group and
granted can create privileges by the non-site administration group.
In an embodiment of the present invention, a non-site
administration group is selected to be granted full administrative
privileges over objects created by a user in groups which include
the non-site administration group and granted can create privileges
by the non-site administration group.
[0097] FIG. 5c is an exemplary diagram explaining the application
of the non-site administration rule. The non-site administration
rule applies when a user having can create privileges creates an
object in a site. In an embodiment of the present invention, a user
having can create privileges due to membership in a single group
will result in the single group having full privileges over objects
created by the users. In an embodiment of the present invention, a
user having can create privileges due to membership in more than
one group will result in one of the groups having full privileges
over objects created by the user. The group having full privileges
is selected by the user. In an embodiment of the present invention,
a user having can create privileges due to membership in more than
one group, including a site administration group, will result in
the site administration group and another one of the group having
full privileges over objects created by the user. The group other
than the site administration group having full privilege is
selected by the user.
[0098] In the embodiment of FIG. 5c, column 510 is a list of groups
having "can create z" permission for a site Y. Each cell in columns
512-520 specifies the groups that users 1-user 5 have membership.
In the examples shown in FIG. 5c, User 1 is a member of the site Y
Administrator Group. The site Y Administrator Group is
automatically given full administrator permission over Z without
prompting user 1 to select the group. User 2 is a member of both
Group A and the site Y Administration Group. Group A is selected to
grant full administration privileges over Z with prompting to user
2. The site Y Administration Group is automatically granted full
administrative privileges over Z without prompting user 2. User 3
is the similar to User 2 except that the user may select more than
one group to grant full administration privileges over Z. User 4 is
similar to User 1 in that the site administrator group is
automatically granted full administrative privileges over Z without
prompting user 4, while Group A is selected to grant full
administrative privileges over Z with prompting to user 4. User 5
is similar to User 3 except that the user is prompted to select 1
or more groups.
[0099] The delegated administration rule requires that an object
created by a delegated administrator in a system context designates
at lease one group having can create privileges for the object to
receive full administrative permission over the object.
[0100] Framework Administration
[0101] Administration of sites may be implemented by site
administration software 314. Administration may include, but is not
limited to, deploying a site, locking down elements, creating sites
anywhere in Framework 100, granting and revoking privileges to
users for performing administration, configuring privileges for
sites, mapping created sites to URL, modifying systems properties,
site branding, sharing objects between sites and deploying
components between portals. The administration of sites may be
performed in a site context and a system context. Administrative
users and delegated administrative users having both administrative
visible privileges for a site and can access site administration
context privileges for the site may perform administration in a
site context. The Administrative users and delegated administrative
users may be granted these privileges through the setting of
administrative visible permissions for a site and can access
administration context permissions for the site.
[0102] Administrative users and delegated administrative users
having both can see system repository privileges and can access
system-wide administration context privileges may perform
administration in a system-wide context. The Administrative users
and delegated administrative users may be granted these privileges
through the setting of can see system repository permissions and
can access system administration context permissions. The
Administrative users and delegated administrative users may perform
administration on all objects in Framework 100 based on privileges
automatically granted, such as server administrators, or by
delegation, such as delegated administrators. Administration may be
performed on a site context to system properties having default
values.
[0103] The creating site administration type may include creating
sites. Sites may be created on Framework 100 in a bulk automated
fashion and a manually piece by piece fashion. The number of sites
that may be created is unlimited. Additionally, sites may be
created where sites are organized in a tree structure forming a
site hierarchy. Created sites may be viewed and maintained by users
granted privilege to view and/or maintain created sites. Privileges
may be granted to users automatically or by delegation.
[0104] Sites may be created on Framework 100 in a bulk automated
fashion and a manual piece by piece fashion. Bulk site-creation may
be performed by employing an XML-based Sites Installation Utility.
Bulk site-creation may be performed at an initial installation of
the present invention or at a special post-installation of the
present invention. Installation of the present invention may be
performed without restarting systems of Framework 100 based on the
types of elements, such as new module types and users contained
within added sites. Software installer and individual module
installers enable the addition and update of sites without
restarting the software instance. This bulk mechanism shall work
across clustered installations.
[0105] Manual Site creation may be performed by a set of users as
defined by privilege granted automatically or specifically
delegated by a user with privileges to delegate such privilege. The
set of users may include a user, such as a server administrator, a
set of users assigned site creation privileges by the user, and a
set of users assigned site creation privileges by the set of users
assigned site creation privileges.
[0106] The number of sites that may be created is unlimited. In an
embodiment of the present invention, the number of sites that may
be created is predetermined to a maximum number of N sites. The
maximum number of sites created versus the number of remaining
sites that may be created is available to a user, such as a server
administrator. In an embodiment of the present invention, the
creation of a maximum number sites precludes the creation of
additional sites beyond the maximum number. This may disable the
availability of create site functionality.
[0107] Each site may include selectable options to control
accessibility to a site. The selectable option includes a site
enabled, site preview, a remember me and re-authentication. These
options may be selected by administrators, such as site and server.
The site enabled option may control the publishing of a site and
the visibility of the site by end-users. The site enabled options
overrides standard permissions on the site for viewing the site.
Site administrators for a site may view the site despite the
setting of the site enabled option. The site preview option may be
selectable from the administration console. An administrator of
multiple sites may preview each of the sites in a system context
employing an administration site. Previewing a site includes an
administrator selecting the identity of a user to define a
perspective from which to preview a site. In an embodiment of the
present invention, the administrator has edit/delete permission
over the user whose identity is selected. The re-authentication
(re-login) option for a site requires a user who has already logged
to another site in Framework 100 to login to the site that requires
re-authentication. Once a user has logged into a site with the
re-authentication option selected, the user will be authenticated
for the duration of the session with the site. In an embodiment of
the present invention, a user should remain authenticated against
all sites in the system that the user was previously authenticated.
The Remember Me option allows users ids to be stored on their
computer.
[0108] The ability of a user to perform administration may be
defined by create site privileges granted to the user. In an
embodiment of the present invention, the created site privileges
may be granted by setting requisite permissions for the user.
Create site privileges may be granted automatically and by
delegation. For example, create site privileges may be granted
automatically to the user, such as server administrator and a
member of a site administration group, upon the occurrence of an
event, such as installation of the present invention and creation
of a site. Alternatively, create site privileges may be granted by
delegation to the user, such as delegated administrators and
end-users, upon the assignment of create site privilege by a user
having create site privileges. Sets of users automatically granted
create site privileges facilitate the maintenance of sites. Site
administrators exist for as long as the site for which they have
create site privileges exists. For example, a site administration
group is created upon the creation of a site and automatically
receives create site privileges to create a site as well as
immediate control over the sites functionality, look-and-feel,
navigational format, and user membership. This group and the
members assigned to this group may exist for as long as the site
that their create site privilege is based upon exists.
[0109] Sites created in Framework 100 may be organized in a tree
structure to form a site hierarchy. A site hierarchy is a group of
sites that have a hierarchical administrative organization.
Administrators of a site may perform administration on a sub-site
of the site including granting create site privileges to users to
create sub-sites to the site and can share to site privileges to
users to allow sharing objects to the site. Privileges granted by a
site administrator to users of sub-sites may be revoked by the site
administrator. This type of site creation provides a permissioning
hierarchy. FIG. 6 illustrates an exemplary embodiment of a site
hierarchy, implemented by the present invention. In the FIG. 6
embodiment of the present invention, Site A (602a) and site B
(602b) are parent sites (top-level site). These top-level sites
were created by a set of users (604), such as server
administrators, automatically granted create site privileges upon
an event, such as installation of the present invention. Upon
creation of the top level site 602, a set of users 606a and 606b,
such as members of a site administrator group, were defined to
maintain the top level sites 602 respectively, were granted create
site privileges to create sub-sites to the top-level sites 602 and
can add/can share to site privileges to service objects with sites,
such as by storing a reference to an object in the site's
repository directly or indirectly. In the FIG. 6 embodiment of the
present invention, create site privileges may not be granted by
delegation to the set of users 606 or other sets of users based on
create site privilege of a top-level site 602 by users 604 or
606.
[0110] Each of the users in the set of users 606a may create a set
of sub-sites, such as site C (608a) and site D (608b), of site
602a. Likewise, each of the users in the set of users 606b may
create a set of sub-sites, such as site E (608c), of site 602b.
Upon creation of sub-sites 608, a set of users 610a, 610b and 610c,
such as site administrators, were defined to maintain sub-sites 608
respectively as well as automatically granted create site
privileges to create sub-sites to sub-sites 608. In the FIG. 6
embodiment of the present invention, create site privileges may be
granted by delegation to sets of users (not shown) based on create
site privilege of sub-sites 608 by users, such as 610, having
create site privileges for sub-sites 608.
[0111] Each of the users in the set of users 610 may create a set
of sub-site, such as site F (612), of site 608a. Upon creation of
sub-site 612, a set of users 614, such as site administrators, were
defined to maintain sub-site 612 as well as automatically granted
create site privileges to create sub-sites to sub-site 612. In the
FIG. 6 embodiment of the present invention, create site privileges
may be granted by delegation to sets of users (not shown) based on
create site privilege of sub-site 612 by users, such as 614, having
create site privileges for sub-sites 612.
[0112] The set of users, such as server administrators, may perform
modifying systems properties type administration on properties
including system module display categories, default branding/theme,
default module palette set for new sites and default security
settings. Default security setting include allow self-registration,
email replacement passwords, allow guest users, force
re-authentication and allow per-user branding overrides. Default
value settings are values that one or more permission of all new
sites will be given automatically.
[0113] The set of users, such as server administrators, may also
perform modifying systems properties type administration on
properties and objects including administrative site branding,
dialog pages, error pages and tool modules. Administrative site
branding includes setting the theme and structure of a site as well
as enabling child site to override administrative site
branding.
[0114] The mapping created sites to URL type administration may be
performed on sites created in Framework 100. A site mapping to a
URL type administration is an association of a particular site with
a valid hostname for a server/computer. In an embodiment of the
present invention, site to URL mappings will be specified in the
system administration context by, a set of user for a site, such as
server administrator. Each site in the system can have a set of URL
mappings. For example, a URL can only be mapped to one site.
[0115] Site to URL mappings specified in a system administration
context may be overridden by modifying primary site values. In an
embodiment of the present invention, primary site values are
modified employing an administration site for a set of users, such
as end-users. The administration site may be provided as a form for
setting primary site values. FIG. 7 depicts an exemplary form for
setting primary site values according to an embodiment of the
present invention. The form 700 may include a site column 702 and a
primary site column 704. The site column 702 lists sites in
Framework 100 accessible (enabled) to a set of users for whom
primary site settings are being set, and "visible" for an
administrative set of users, such as site administrators. Primary
site column 704 indicates a site designated as a primary site from
the list of sites in the site column 702. The designation of a
primary site is optional and may be forgone by designating
None.
[0116] A server administrator may optionally select a site as a
default site for framework 100. In an embodiment of the present
invention, a default site is provided whenever a requested URL or
IP address is not mapped to a site in Framework 100. A server
administrator may optionally select wildcard DNS behavior for
sites. The wildcard DNS option disables site to URL mappings to
make new sites in the system automatically addressable as
http://sitename.domainname. The domain name, such as
"epicentric.com", will be shared by all sites when the wildcard DNS
option is selected.
[0117] An object of a site may be shared (reused between sites) and
made available for reuse by another site directly or indirectly.
FIG. 8 illustrates an exemplary embodiment of object sharing
(reuse) between sites employing Framework 500, implemented by the
present invention. In the FIG. 8 embodiment of the present
invention, various methods are depicted for sharing an object of
site A 802 to site B 804 and site C 814 under system and site
administrative contexts. Permissions for sharing an object within a
site may be set from within a site context and system context.
Permissions set from a site context will generate a system group in
the source group column for any new permissions added to a
Permissions Granted table.
[0118] An object may be directly shared with a site in a site
context. In an embodiment of the present invention, a reference to
an object of site A 802 is stored in the site repository for site
A. The object of site A may be shared directly with site B 804
through the execution of a share type administration. The share
type administration may include storing, in the site B repository,
a duplicate of the reference to the object. The execution of a
share type administration may require that the site performing the
type administration have can share privileges with respects to the
site where the object is being shared. This privilege may be
granted by setting a can share to site B permission for site A 804.
Users of site A, such as site Administrators for site A, may be
precluded from viewing the site B repository. Users of site A, such
as site Administrators for site A, may be notified of objects
shared as well as allowed to discontinue use of shared objects. The
object shared may be added to site B through the execution of a
share type administration.
[0119] An object may be indirectly shared with a site in a site
context. In an embodiment of the present invention, a reference to
an object of site A 802 is stored in the site repository for site
A. The object of site A 802 may be made available for reuse by site
B 804, through the execution of a type administration. The type
administration may include storing, in the section of the shared
repository for site B, a duplicate of the reference to the object.
The object made available for reuse by site B may be shared with
site B by executing another share type administration. This share
type administration may include storing in the site B repository, a
second duplicate of the reference to the object site A. The
execution of a share type administration may require that the site
performing the share operation have can share privileges for the
shared repository. The user performing the share type
administration to share the object to the site may have can add
privileges with respect to the site where the object is being
shared. These privileges may be granted by setting a can share to
site B permission for site A 802. Users of site A, such as site
Administrators for site A, may be precluded from viewing the site B
repository. Users of site A, such as site Administrators for site
A, may be notified of objects shared as well as allowed to
discontinue the availability of objects for reuse that they
transferred. The object shared may be added to site B through the
execution of a share type administration.
[0120] In an embodiment of the present invention, a reference to an
object of site A 802 is stored in the site repository for site A.
The object of site A 702 may be shared indirectly or made available
for reuse by site B 804, through the execution of a share type
administration. The share type administration may include storing,
in a system repository, a reference to the object of site A. The
object made available for reuse by site B may be shared with site B
by executing another share type administration. This share type
administration may include storing in the site B repository, a
second duplicate of the reference to the object for the object of
site A. The execution of a share type administration may require
that the site performing the share type administration have can
share to system privileges with respects to the system repository.
The user performing the share type administration to add the object
to the site may have can see shared privileges with respects to the
site where the object is being added. This privilege may be granted
by setting a can share to site B permission for site A 804. Users
of site A, such as site Administrators for site A, may be precluded
from viewing the site B section of the shared repository. Users of
site A, such as site Administrators for site A, may be notified of
objects shared as well as allowed to discontinue the availability
of objects for reuse that they transferred. The object shared may
be added to site B through the execution of a share type
administration.
[0121] An object shared to a first site may be further directly
shared to another site by the first site. In an embodiment of the
present invention, a duplicate reference to an object of site A 802
is stored in the site repository for site B. The object whose
duplicate reference is stored in the site B repository of site B
may be shared directly with site C 814 through the execution of a
share type administration. The share type administration may
include storing, in the site C repository 816, another duplicate of
the reference to the object. The execution of a share type
administration may require that the site performing the type
administration have can share privileges with respects to the site
where the object is being shared. This privilege may be granted by
setting a can share to site C permission for site B. Users of site
B and site A, such as site Administrators for site A and site B,
may be precluded from viewing the site C repository 816. Users of
site A and site B, such as site Administrators for site A and site
B, may be notified of objects shared as well as allowed to
discontinue use of shared objects. The object shared may be added
to site C 814 through the execution of a share type
administration.
[0122] An object share to a first site may be further indirectly
shared with another site by the first site in a site context. In an
embodiment of the present invention, a duplicate reference to an
object of site A 802 is stored in the site repository for site B.
The object of site A 802, whose duplicate reference is stored in
the site repository of site B, may be made available for reuse by
site C 814, through the execution of a type administration. The
type administration may include storing, in the section of the
shared repository for site C 814, a duplicate of the reference to
the object. The object made available for reuse by site C may be
shared with site C by executing another share type administration.
This share type administration may include storing in the site C
repository, a second duplicate of the reference to the object site
A. The execution of a share type administration may require that
the site performing the share operation have can share privileges
for the shared repository. The user performing the share type
administration to share the object to the site may have can add
privileges with respect to the site where the object is being
shared. These privileges may be granted by setting a can share to
site C permission for site B 804. Users of site A and site B, such
as site Administrators for site A and site B, may be precluded from
viewing the site B repository. Users of site A and site B, such as
site Administrators for site A and site B, may be notified of
objects shared as well as allowed to discontinue the availability
of objects for reuse that they transferred. The object shared may
be added to site C through the execution of a share type
administration.
[0123] In an embodiment of the present invention, an object of site
A 802, whose duplicate reference is stored in the site repository
for site B, may be shared indirectly or made available for reuse by
site C 814, through the execution of a share type administration.
The share type administration may include storing, in a system
repository, a duplicate reference to the object of site A. The
object made available for reuse by site C may be shared with site C
by executing another share type administration. This share type
administration may include storing in the site C repository, a
second duplicate of the reference to the object for the object of
site A. The execution of a share type administration may require
that the site performing the share type administration have can
share to system privileges with respects to the system repository.
The user performing the share type administration to add the object
to the site may have can see shared privileges with respects to the
site where the object is being added. This privilege may be granted
by setting a can share to site C permission for site B 804. Users
of site A and site B, may be precluded from viewing the site C
section of the shared repository. Users of site A and site B may be
notified of objects shared as well as allowed to discontinue the
availability of objects for reuse that they transferred. The object
shared may be added to site C through the execution of a share type
administration.
[0124] Once a reference to an object has been stored to either the
site repository of a site or the section of the shared repository
of a site, a user of the site having can share privileges for
another site may make available for reuse or share any one of the
objects to the other site. This chain of reuse may be performed by
any user granted can share privileges and having a shared object
associated with a site in which they administer. In an embodiment
of the present invention, objects in a chain of transfer will
remain read-only.
[0125] An object shared or made available to a site may be made
unavailable and unshared from the site. In an embodiment of the
present invention, an object shared or made available to a site may
be unshared and made unavailable for reuse, respectively, through
the execution of a share type administration. The share type
administration may include removing a reference to the object from
a repository. The repository may be a repository of the site, a
share repository and a systems repository. For example, site A may
discontinue the availability of objects transferred to site B for
reuse by site A. The availability of objects for reuse by a site
and sharing of objects may be discontinued despite the can add
privileges of a site. For example, availability of an object is
discontinued by executing a share type administration to remove a
reference to an object from a section of a shared repository for a
site, even when the reference to the object has been stored in the
site repository for the site. The adding of objects to a site,
making of objects available for reuse by a site, sharing of
objects, making of objects unavailable and unsharing of objects has
no effect on administrative privileges granted to users and groups
for the objects.
[0126] In an embodiment of the present invention, objects shared,
made available for reuse, added to a site, made unavailable for
reuse and unshared may include compound objects. Compound objects,
for the purposes of the present invention, are objects that include
child objects that are structured in a hierarchy. Compound objects
include sites, menus, and pages. A site compound object includes,
but is not limited to, a site, menus, pages and modules. For
example, a site includes menus, the menus include pages and the
pages include modules. A menu compound object includes, but is not
limited to, a menu, pages and modules. A page compound object
includes, but is not limited to, a page and modules.
[0127] In an embodiment of the present invention, menus, pages and
modules are the compound objects that may be shared recursively.
Recursive sharing includes storing a reference to each child object
of a compound object when a reference to the compound object is
stored in a repository. For example, sharing a page including three
modules to a site includes storing a reference to the page in the
repository for the site as well as references to each of the three
modules. In an embodiment of the present invention, compound
objects may be shared and made available for reuse without each
child object of the compound object when a reference to the
compound object is stored to a repository. For example, sharing a
page including three modules to a site, but only sharing the page
with two modules, includes storing a reference to the page in the
repository for the site as well as references to two modules.
[0128] In an embodiment of the present invention, child objects
whose reference are not stored with their respective compound
object will not appear with the compound object when the compound
object is added to the site. For example, a menu shared with some
of the pages that the menu points to, but not all of them, will
appear with broken links on the menu when the menu is added to the
site. Child objects not shared may be obtained for addition to the
site in another manner. For example, the broken links of the menu
may be customized by obtaining the non-shared pages elsewhere on
Framework 100 or different pages in accordance with edit privileges
that are granted over the menu. In an embodiment of the present
invention, sharing a compound object with a site, making a compound
object available for reuse by a site and adding a compound object
for use by a site includes determining whether the compound object
is in a site repository for a site and determining whether the user
has end-user enabled permission on the compound object.
[0129] A compound object made available for reuse by a site, shared
to a site, and added to a site may be made unavailable and unshared
from the site. In an embodiment of the present invention, a
compound object shared or made available to a site may be unshared
and made unavailable for reuse, respectively, through the execution
of a share type administration. The share type administration may
include removing a reference to the compound object as well as
references to all child objects from a repository. For example, a
page with three modules made unavailable for reuse includes
removing reference to the page and the reference to the three
modules from the repository. In an embodiment of the present
invention, the removal of references to objects from a repository
of objects added to a site removes the objects from the site. Child
objects not shared, but obtained elsewhere, will remain available
for sharing.
[0130] User groups may be shared between sites. In an embodiment of
the present invention, user group objects shared with a site are
shared as read-only. The site that the user group object are shared
with will not be able to add users to, or delete users from, this
group. Permission for this group will not be modifiable. A set of
users for the site may be granted privileges to modify the
permissions for the group.
[0131] An object that references and uses other objects may be made
available for reuse by a site, shared to a site and added to a
site. The object may be made available, shared and added to a site
through the execution of a share type administration. The share
type administration may be a simple share and a compound share.
FIG. 9 is an exemplary table illustrating objects and the objects
they may reference and use. In a simple share type administration,
a reference to the object that references other objects is stored
in a repository. In a compound share type administration references
to the object that references other objects and reference to the
other objects are stored in a repository.
[0132] Permissions can be inherited via group hierarchy, shares can
also be inherited via group hierarchy. This doesn't mean that
shared objects will appear in multiple repositories according to
hierarchy. It means that a site administrator who is higher up in
the hierarchy than two other site administrator groups will be able
to see and manipulate not only his/her own shares, but his/her
child group's shares.
[0133] Sites may be configured to have a specific look-and-feel.
The look-and-feel of a site is referred to, for purposes of the
present invention, as the branding for the site. Objects in a site
that may have branding include pages of a site and navigational
elements of a site. Branding may include a theme and a structure. A
theme may be a collection of styles on a page of a site. Branding
for a site may be determined, in part, by associating a theme with
the site. Each style in the collection of styles may pertain to a
particular template (element). A set of styles, one for each of the
element, may be grouped together to form a single theme. A server
administrator may specify the branding for a site, including an
administration site.
[0134] In an embodiment of the present invention, a theme is a
permissionable and sharable object in a site. Each theme may
include a system set of colors and fonts when first created. System
color and font settings are displayed in the system context. Sever
administrators can add additional color and font settings to
themes. The additional color and font settings may be overridden
for each theme on framework 100. End users may override font and
color settings with their own settings on sites that apply a
font/color option. A font/color option for a site may enable end
users to override system font and color setting with their own
fonts and colors for that particular site.
[0135] In an embodiment of the present invention, a style is a JSP
code fragment that controls the way a particular element is
displayed. Any number of different styles may be used to display an
element. Styles may be provided as style objects in administrative
sites. In an embodiment of the present invention, style objects are
permissionable objects that can be shared between sites. Elements
include, but are not limited to, a chrome, a footer, a header,
navigation (site controls) and tabs (navigation). The chrome
includes elements that surround the actual content of a module. For
example, a module title, as well as, edit, minimize, and delete
buttons are all part of the module chrome. The header includes
content that typically appears at the top of a page. The site
controls include buttons, links, or other elements for navigating
to web pages that support other site features (such as user
personalization pages). Site controls may be available in both
horizontal and vertical configurations. Navigation includes
navigational elements for switching between front-door pages of a
site. Navigation may be available in both horizontal and vertical
configurations.
[0136] In an embodiment of the present invention, a structure may
be the layout of elements on a page of a site. A structure may be a
JSP code segment that defines the arrangement (look and feel) of
elements on a particular page. A structure may contain hard-coded
custom look-and-feel logic (HTML and/or JSP). In an embodiment of
the present invention, structures are permissionable objects that
can be shared across between sites.
[0137] The types of branding employable by a site includes a site
default branding, an installation default branding and a guest
branding. Guest branding includes a theme and structure that may be
provided to a guest user by a site allowing access to
unauthenticated (not logged in) users. A guest user module set may
be employed for each page in order to specify modules available to
the guest users. Each guest user module set may be provided on an
administrator site for a site. An administrator may modify a guest
user module set for a page that the administrator has can
edit/delete privileges defined by can edit/delete permission for
the page.
[0138] Default branding includes a theme and structure
automatically specified for a site when the site is created.
Default branding may be employed in a site allowing access by
UN-authenticated users where guest branding is not specified. The
default branding for a site may be overridden by a site
administrator of the site. Overriding default branding may be
performed by specifying a new theme and a new structure for the
site. Overriding of default branding includes brand for menu items
on a site. A higher level chrome branding may be overridden by
specifying a chrome within a site as the new chrome for the site.
Installation default branding includes a theme and structure
specified for a site without default site branding.
[0139] The branding of navigational elements for a page of a site
may include a structure. In an embodiment of the present invention,
the structure of navigational elements includes one set of
navigation elements, two sets of navigational elements, and
grouping of different navigation levels into two sets. Site
navigation elements may include any number of navigation levels.
FIGS. 10-11 are exemplary embodiments of multi-level navigational
configurations. In the FIG. 10 embodiment of the present invention,
a three level navigational menu 1000 is depicted with level-1 1002,
level-2 1004 and level-3 1006 each configured horizontally. In the
FIG. 11 embodiment of the present invention, a three level
navigational menu 1100 is depicted with level-1 1102 and level-2
1104 each configured horizontally and level-3 vertically 1106.
[0140] The structure component of a branding may contain two
distinct navigation elements. One of the two distinct navigation
elements may render one set of menus on a page and the second of
the two navigation elements may render a second set of menus on a
page, as will be discussed in detail herein below. The structure
component determines the set of menus rendered by a navigation
element. A site administrator may specify the menu levels to be
rendered by a plurality of navigational elements in a site having a
plurality of menu levels.
[0141] For example, in circumstances involving two navigation
elements, a site administrator may specify the first and second
menu levels to render employing a first navigation element and the
third level through the fifth level to render employing a second
navigation element. The first navigation element will render menu
levels 1-2 and the second navigation element will render menu
levels 3-5. Alternatively, a site administrator may specify the
menu levels to render employing a navigational element in a site
having a plurality of menu levels. For example, in circumstances
involving one navigation element, a site administrator may specify
the second menu level to render employing by the navigational
element, when a first menu level is grouped in a first subset and
the remaining levels are grouped in a second subset. The
navigational element will render the second menu level and the
remaining levels in the second subset.
[0142] Branding may be included on an administration site. The
branding on an administration site may be specified in a system
context of an administration site. Server administrators may set
the branding for the administration site. There may be an "allow
referring sites to override admin site branding" option, which is a
system-wide setting that controls whether or not the administration
site's look-and-feel will change based on a referring site's
look-and-feel. The sub-section of the system admin site that
controls these branding settings must ALWAYS be accessible in the
event that the admin site's branding fails for some reason. (The
"Diag" sub-section should also always be accessible, regardless of
potential branding deployment problems.)
[0143] FIG. 12 is an exemplary diagram illustrating deployment
management for importing and exporting components of a site between
portals employed by framework 100. Deployment management may be
implemented by a deployment management API 1202 within software
314. Deployment management may include importing and exporting
components of a site. Components of a site may include assets of
objects in association with the site, such as modules as well as
elements that define the look, feel and navigation. Assets of an
object include non-file assets and file assets.
[0144] A component may be exported through a deployment type
administration. Deployment type administration to export a
component may include designating a component for export employing
a graphical user interface. An administration site may provide the
graphical user interface. In an embodiment of the present
invention, multiple components may be simultaneously designated for
export including, but not limited to, components corresponding to
an entire site. Components may be exported between systems over a
network 1204 employing techniques to transfer files, such as FTP.
In an embodiment of the present invention, components may be
exported between systems by transfer to a computer readable
medium.
[0145] Deployment management API may employ a set of subsystems
1206 for a site. Each of the subsystems is configured to manage a
type of component associated with the site. In the FIG. 12
embodiment of the present invention, the set of subsystems for a
site includes a site subsystem, a module subsystem, a template
subsystem and a style subsystem. Deployment management API may
query subsystems to identify components. A subsystem may identify
components for which the subsystem is configured to manage. For
example, module subsystem may be queried to identify modules that
have been associated with the particular site.
[0146] Each subsystem may collect assets, such as file assets and
non-file assets, of each component they identified. In an
embodiment of the present invention, the non-file assets may be
constructed as an extensible markup language fragment, such as an
XML fragment, having a predetermined structure. The extensible
markup language fragment may contain the descriptor ID of
identified components and the ID of the subsystem that identified
the component. In an embodiment of the present invention, each
subsystem collects the extensible markup language and the file
assets for the components they identified. In an embodiment of the
present invention, the extensible markup language and file assets
collected by each subsystem are grouped together.
[0147] The extensible markup language and the file assets collected
by a subsystem may be stored as an individual file. FIG. 13 depicts
an exemplary collection of extensible markup language 1302 and the
file 1304 assets stored as individual export files. The individual
export files may be component archive (CAR) files 1306. In the FIG.
12 embodiment of the present invention, CAR files may include a
page CAR file, a module CAR file and a menu CAR file. Individual
CAR files may be collected and stored as a group export file. In an
embodiment of the present invention, the group export file (TRUCK)
1308 is a file ready for transport in a zip format. Export files
may be transmitted over a network to a remote system employing a
file transfer protocol, such as FTP. In an embodiment of the
present invention, export files may be transferred employing a
computer readable medium.
[0148] Export files may be imported by a remote system. The export
files may be imported through a deployment type administration.
Deployment type administration may include designating an export
file employing a graphical user interface provided by an
administrative site. The export file may be any one of a CAR file
or a TRUCK file. In an embodiment of the present invention,
designation of a TRUCK file generates the extraction of each CAR
file in a TRUCK file. Extensible markup language for each CAR file
may be examined to determine descriptor IDs included within the
extensible markup language. Based on the descriptor IDs, components
may be identified. The components may be extracted to the
appropriate location in a file system of the portal. The XML
fragment is then parsed and the objects contained therein are
instantiated in the database or other relevant location.
[0149] Navigation within a site may be hierarchical where a
navigable item contains a navigable item. Navigable items include a
page, a site, a uniform resource locator, a navigation level and a
JSP include file. Navigation within a site may be an arbitrary
hierarchical ordering of menu items that are arranged into distinct
levels. A site navigation for a site may grow or shrink
arbitrarily. The growth and shrinkage of a site navigation is
dependent on the construction of the site navigation by an
administrator, such as site or server. For example, an
administrator may construct a site navigation with 2 items but may
modify the site navigation to 3 items. In an embodiment of the
present invention, each menu item is a navigable link to any one of
the navigable items.
[0150] A navigable link may be associated with a title. In an
embodiment of the present invention, each menu item is associated
with one link and title despite the location of the menu item. A
site navigation definition may be associated with each menu item.
FIG. 14 illustrates menu items of menus with link titles for menu
items definitions. In the FIG. 14 embodiment of the present
invention, menu items 1402 may link the user to the navigable item
as specified by navigation definitions 1404. The menu item types
include, but are not limited to, link-out type menu items and
contained type menu items. In an embodiment of the present
invention, a link-out menu item is one in which the link that is
specified causes a redirect out of a particular site. For example,
menu items that refer to URLs or other sites are link-out menu
items. In an embodiment of the present invention, a contained menu
item is one in which the link that is specified navigates to a page
within the site. For example, a menu item containing a link to a
page or a JSP include file is a contained menu item. Contained menu
items cause a page within a site to be displayed. So contained menu
items are the only kind of menu items that can be branded.
[0151] Site navigation may be edited through an edit navigation
type administration. A site administrator having can edit site
navigation privileges for the site employing the site navigation
may perform the edit navigation type administration. The site
administrator may be granted the privilege by having the can edit
site navigation permissions set. Segments of a site navigation may
be captured as a menu object. A menu object is a permissionable and
sharable object. FIG. 15 illustrates a segment of a site navigation
captured as a menu object. In the embodiment of FIG. 15 of the
present invention, a segment 1502 of site navigation 1500 is
selected. The selected segment may be saved as a menu object.
[0152] Returning briefly to FIG. 14. The segment of site navigation
may be selected employing radial button 1406. Selection of a radial
button selects the menu item and sub-menu items for the menu item
as the segment. The menu object may be shared, made available and
added to other sites in the system in order to recreate the segment
of the site navigation on the other sites as a menu of part of a
menu. In an embodiment of the present invention, pages referenced
by a menu object shared to a site are also shared to the site.
Modification to a site navigation employing the menu object may not
effect the segment of the site navigation from which the menu
object originated.
[0153] As a permissionable object a menu object may be enabled or
disabled based on privileges granted a group viewing the site
employing the menu object. In an embodiment of the present
invention, menu items are modified based on the privileges granted
to the group to which a user is a member. In an embodiment of the
present invention, a menu item contained within a menu provides
permissioning in a site context. Permissions for a menu item may
include can edit per-site visibility and can edit settings. Visible
permission over a menu may grant a site administrator privileges to
use that menu in a site navigation. Edit/delete permission may
grant an administrator privileges to arbitrarily edit or delete the
menu. Can Edit Per-Site Branding permission is a per-site privilege
that may allow an admin to override the per-site branding on menu
items contained in the menu.
[0154] The algorithm employed to render menus of a site may be
selected through a menu presentation type administration. The
algorithms to render a menu include a combined and an exclusive. In
an embodiment of the present invention, the default mode for
rendering menus employs the combined algorithm. A site
administrator having privilege to edit menu presentation mode for a
site may perform the selection of the algorithm employed by the
site. FIG. 16a illustrates a table for implementing the combined
algorithm. In the FIG. 16a embodiment of the present invention, the
combined algorithm provides a user access to menus based on the
privileges granted to the user due to membership in groups. In the
embodiment of FIG. 16a, table 1600a includes menu items 1602a-1602e
and groups including an everyone group 1604, a sales group 1606, a
marketing group 1608 and an engineering group 1610 for a site.
Application of the Combined algorithm to a user having membership
in the sales group 1606 and a marketing group 1608 provides the
user with access to Menu Items 1602a-1602c and 1602d. As a result
of all users in framework 100 being members of the everyone group,
the user is provided access to menu items 1602a-1602b.
[0155] FIG. 16b illustrates a table for implementing the exclusive
algorithm. FIG. 16b is best understood when viewed in combination
with FIG. 16a. In the FIG. 16b embodiment of the present invention,
the exclusive algorithm provides a user access to menus based on a
priority level assigned to groups by a site administrator. In the
embodiment of 16b, table 1600b includes groups 1606-1610 that have
been assigned priority levels, where the menu item for the
engineering group 1610 has priority over menu items for both
marketing group 1608 and sales group 1606 and marketing group 1608
has priority over sales group 1606. Application of the exclusive
algorithm to a user having membership in the engineering group 1610
and the sales group 1606 provides the user with access to menu
items 1602a-1602b and 1602d illustrated in FIG. 16a. In an
embodiment of the present invention, menu items enabled for the
everyone group are provided to all users for access and the menu
item for the group having the highest priority to which the users
is a member is also provided.
[0156] A site navigation for a site may use any number of menus.
The site administrator of a site employing menus in its site
navigation can select one of the menus as a top level locking menu.
FIG. 17 depicts an exemplary embodiment of a top level locking
interface. In the FIG. 17 embodiment of the present invention, the
top level locking interface includes drop down menu 1702 and radial
buttons 1704. Drop down menu 1702 may provide an administrator with
menus of a site. Radial button may provide an administrator with
the ability to specify where the menu selected by drop down menu
1702 may be locked. A Menu may be locked to the beginning, the end
as well as the end and beginning of the top level for a site
navigation. Locking at both the beginning and the end of the top
level means that the first level of navigation will be comprised
solely of this menu.
[0157] FIG. 18 depicts an exemplary embodiment of a front door page
of an end user site employing menuing structures according to the
present invention. In the FIG. 18 embodiment of the present
invention, front door page 1800 employs a control menu system 1802
and site navigation menu system 1808. Control menus system include,
but are not limited to, site controls 1804 and page controls 1806.
Site controls 1804 may be rendered by a site controls style. Site
controls 1804 may include links to pages, such as Front Door and My
Account. Page controls 1806 may be rendered by a page controls
style. Page controls 1806 may include links to pages, such as add
and move, and any other page-aware end-user pages except the front
door. Site navigation 1808 may be rendered by one or more site
navigation styles. Site navigation 1808 styles may include
navigation links to Pages and JSP pages including files. The state
of any particular page can be defined at any time by parameters
including a selected control menu tab and a selected navigation
menu item. The selected control menu tab defines which control menu
tab is selected. The selected navigation menu item defines which
site navigation menu item is selected.
[0158] FIG. 19 depicts the rules determining the operation of the
control menu system and a site navigation system according to an
embodiment of the present invention. In the embodiment of FIG. 19,
the page controls menu is rendered if the selected navigation menu
item refers to the content type page. The page content of a page
may be determined by the selected control menu tab. In an
embodiment of the present invention, the Page Content of the page
is determined by the Selected Navigation Menu Item when the
selected control menu tab has a link type front door. The branding
of a page may be determined by the Selected Navigation Menu Item.
In an embodiment of the present invention, selection of a menu item
from the Page Control menu followed by selection of a menu item
from the Site Navigation Menu not linked to a Page object
automatically selects the Front Door link on the Site Control Menu.
The content associated with a Menu Item is displayed in the Page
Content area based on the menu item selected on the site navigation
menu.
[0159] An object of a site may be locked down to prevent
modification of the object. The object may be locked down through
the execution of a share type administration. In an embodiment of
the present invention, users having privilege to lock down objects
include a server administrator and a delegate administrator. For
example, the site administrator is able to lock down the number and
order of pages in the site and most of the modules for each page
except the first. The Site Administrators for the site, who are
employees of another company, are able to change the site's
branding and create several new modules from building blocks to go
on the first page, but not the remaining pages.
[0160] End users may navigate through a site employing a site
navigation tree. In an embodiment of the present invention, end
user will see items on the navigation tree they have been allowed
to see. The end user may navigate to the given page from a
navigation tree. In an embodiment of the present invention, the end
user will see the module instances they have been granted
privileges to see once the end user has reached a page. The
privileges granted to an end user may be based on permission
associated with each module instance and menu item for the site.
The permissions may include a system level permission and an access
permission for the site. In an embodiment of the present invention,
only one of these has to be true for the end user to see the
instance or item.
[0161] FIGS. 20a-20b are exemplary illustrations of consoles
according to an embodiment of the present invention. In the FIG.
20a embodiment of the present invention, a server console 2002 is
depicted. The server console may be employed by a server
administrator to perform administration on a systems context as
discussed above. In the FIG. 20b embodiment of the present
invention, a site console 2004 is depicted. The site console may be
employed by a server administrator to perform administration on a
site context as discussed above.
[0162] While specific embodiments of the present invention have
been illustrated and described, it will be understood by those
having ordinary skill in the art that changes may be made to those
embodiments without departing from the spirit and scope of the
invention.
* * * * *
References